This page lists publicly disclosed CVE vulnerabilities affecting microdicom dicom_viewer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-1002 | MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user. | [email protected] | 5.7 | 0.15% | 2025-02-10 | 2025-03-03 |
| CVE-2024-33606 | An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability. | [email protected] | 8.6 | 0.46% | 2024-06-11 | 2025-04-23 |
| CVE-2024-28877 | MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | [email protected] | 8.7 | 0.69% | 2024-06-11 | 2025-04-10 |
| CVE-2024-25578 | MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. | [email protected] | 7.8 | 0.24% | 2024-03-01 | 2025-03-06 |
| CVE-2024-22100 | MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability. | [email protected] | 7.8 | 0.26% | 2024-03-01 | 2025-03-06 |